From e948fc7bb8adc10fb51fe07d90c223d5b7de7916 Mon Sep 17 00:00:00 2001
From: Marius Alwan Meyer <22202402+Sporqist@users.noreply.github.com>
Date: Sat, 11 Mar 2023 23:28:36 +0100
Subject: [PATCH] verschiebe mehr secrets in den vault
---
 templates/docker-compose.yaml.j2 | 5 ++---
 templates/environment.env.j2 | 11 +++++++----
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2
index 86ee29e..084f5f9 100644
--- a/templates/docker-compose.yaml.j2
+++ b/templates/docker-compose.yaml.j2
@@ -25,7 +25,6 @@ services:
 user: "{{ git_user.uid }}:{{ git_user.group }}"
 env_file: ./environment.env
 environment:
- - GITEA__mailer__PASSWD={{ vault[inventory_hostname]['gitea']['mailer']['passwd'] | default('') }}
 - GITEA__database__DB_TYPE=mysql
 - GITEA__database__HOST=db:3306
 - GITEA__database__NAME=gitea
@@ -42,8 +41,8 @@ services:
 environment:
 - MYSQL_DATABASE=gitea
 - MYSQL_USER=gitea
- "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['db_secret'] }}"
- "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['db_root_secret'] }}"
+ - "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['passwd'] }}"
+ - "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['root_passwd'] }}"
 networks:
 - gitea
 volumes:
diff --git a/templates/environment.env.j2 b/templates/environment.env.j2
index 55a3538..903c7e5 100644
--- a/templates/environment.env.j2
+++ b/templates/environment.env.j2
@@ -59,6 +59,9 @@ GITEA__mailer__ENABLE_HELO={{ gitea_vars.mailer.enable_helo }}
 {% if 'user' in gitea_vars['mailer'] %}
 GITEA__mailer__USER={{ gitea_vars.mailer.user }}
 {% endif %}
+{% if 'passwd' in vault[inventory_hostname]['gitea']['mailer'] %}
+GITEA__mailer__PASSWD={{ vault[inventory_hostname]['gitea']['mailer']['passwd'] }}
+{% endif %}
 {% endif %} {# /mailer #}
 {% if 'repository' in gitea_vars %}
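Review bot: The two added `MYSQL_PASSWORD` / `MYSQL_ROOT_PASSWORD` lines paste the vault value unescaped into a double-quoted YAML scalar of a Compose file, so a password containing `"` or `\` alters or breaks the rendered YAML, and a `$` is subject to Compose variable interpolation unless it is written as `$$`. Escaping at render time would cover the interpolation case, e.g. `- "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['passwd'] | replace('$', '$$') }}"`, or the generated passwords could be restricted to an alphabet without those characters. The renamed keys (`database.passwd`, `database.root_passwd`) carry no default, which is the right fail-closed behaviour, but it means every host's vault data has to be migrated before this template is rolled out. The service definition these lines belong to starts outside the hunk.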
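Review bot: The added guard `{% if 'passwd' in vault[inventory_hostname]['gitea']['mailer'] %}` applies the `in` test to a mapping that may not exist. The enclosing mailer block opens outside this hunk and appears to be gated on `gitea_vars`, not on the vault, so a host with mailer settings but no `mailer` entry in its vault would likely abort templating with an undefined-variable error, where the removed compose line tolerated a missing value through `default('')`. A defined-test avoids that: `{% if vault[inventory_hostname]['gitea']['mailer']['passwd'] is defined %}`. The same pattern is used in the `minio_secret_access_key` and `secret_key` hunks further down in this file, which index `['attachment']` and `['security']` in the vault the same way.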
@@ -101,8 +104,8 @@ GITEA__attachment__MINIO_ENDPOINT={{ gitea_vars.attachment.minio_endpoint }}
 {% if 'minio_access_key_id' in gitea_vars['attachment'] %}
 GITEA__attachment__MINIO_ACCESS_KEY_ID={{ gitea_vars.attachment.minio_access_key_id }}
 {% endif %}
-{% if 'minio_secret_access_key' in gitea_vars['attachment'] %}
-GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ gitea_vars.attachment.minio_secret_access_key }}
+{% if 'minio_secret_access_key' in vault[inventory_hostname]['gitea']['attachment'] %}
+GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ vault[inventory_hostname]['gitea']['attachment']['minio_secret_access_key'] }}
 {% endif %}
 {% if 'minio_bucket' in gitea_vars['attachment'] %}
 GITEA__attachment__MINIO_BUCKET={{ gitea_vars.attachment.minio_bucket }}
@@ -160,8 +163,8 @@ GITEA__ssh.minimum_key_sizes__DSA={{ gitea_vars.ssh.minimum_key_sizes.dsa }}
 {% if 'install_lock' in gitea_vars['security'] %}
 GITEA__security__INSTALL_LOCK={{ gitea_vars.security.install_lock }}
 {% endif %}
-{% if 'secret_key' in gitea_vars['security'] %}
-GITEA__security__SECRET_KEY={{ gitea_vars.security.secret_key }}
+{% if 'secret_key' in vault[inventory_hostname]['gitea']['security'] %}
+GITEA__security__SECRET_KEY={{ vault[inventory_hostname]['gitea']['security']['secret_key'] }}
 {% endif %}
 {% if 'secret_key_uri' in gitea_vars['security'] %}
 GITEA__security__SECRET_KEY_URI={{ gitea_vars.security.secret_key_uri }}
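Review bot: After this hunk the rendered `environment.env` holds `SECRET_KEY`, the MinIO secret access key and the mailer password in clear text, and nothing in the patch shows how that file is written. The task that templates it is outside this diff, so it should be confirmed that it sets a restrictive mode (for example `mode: '0600'` with the service user as owner) and `no_log: true`, otherwise a `--diff` or verbose run prints the vault values. Separately, the `secret_key_uri` branch directly below still reads from `gitea_vars` and is independent of the new vault test, so a host that defines both gets `SECRET_KEY` and `SECRET_KEY_URI` emitted together; making the second branch an `{% elif 'secret_key_uri' in gitea_vars['security'] %}` would keep them mutually exclusive.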